Cyph accounts are currently in private beta testing, while our one-click anonymous ephemeral chat is available for anyone to use in one click (no signup or device setup required; just click Start New Cyph above).

This chart illustrates where Cyph generally stands in comparison to alternative solutions:

Security Considerations

More than anything else, the goal of Cyph is to keep information as secure as possible — meaning private communication must remain confidential and mutually verifiable as authentic, and publicly shared data must be globally verifiable as authentic.

In addition to a very successful audit/pentest by Cure53 (report), continuing internal reviews and architectural consultation with Cure53, and heavy use of automated static code analysis, the core technologies employed to accomplish this are:

Note that quantum-resistant cryptography is a feature unique to Cyph among high-security messengers, and by default is always enabled.

While superior for securing extraordinarily sensitive data (and now recommended by the NSA), it is less space/bandwidth-efficient than classical cryptography, so for some use cases it may be desirable to deploy a self-hosted Cyph environment with the quantum-resistant cryptography flagged off.

Usability Considerations

Secondarily, Cyph aims to package this security in a way that’s intuitive and pleasant to use, because the most secure lock in the world isn’t very helpful if it’s too complicated for real people to use or too easy to accidentally leave unlocked.

The following factors combine to give Cyph a user experience comparable to non-secure communication software — without compromising on our security requirements or making our user protections easy to circumvent:

The web as a platform has traditionally been unsuitable for high-security applications due to its Trust On Every Use code integrity model. Because of this, encrypted messengers have been forced to choose between the major usability drawback of not supporting the web and the massive security footgun of supporting it (silently risking all “private” user data).

The subject of our talks at Black Hat and DEF CON, WebSign is our patented “secure web application” (Trust On First Use in-browser code signing) technology that uniquely enables Cyph to sidestep this choice and get the best of both worlds. By supporting the web, Cyph makes initial onboarding and day-to-day use faster and more familiar to users.

Public key authentication

Alternative solutions require in-person mutual public key verification each time one adds a new contact (and each time an existing contact registers a new device) — if any meaningful form of authentication is supported at all. Skipping this step throws any privacy guarantees out the window by leaving users vulnerable to man-in-the-middle attacks. However, almost every user does skip this step, making for a theoretically sound technical architecture that is more easily exploitable in practice.

To ensure a strong baseline authenticity guarantee, a PKI scheme based around the Air Gapped Signing Environment is employed. User public key security is thus tied to the physical security of the AGSE — something that already must remain secure for WebSign anyway. While additional forms of authentication may be supported in the future, this is much more practical than than leaving users out in the open with unauthenticated keys by default.

Centralized data storage and syncing

Alternative solutions treat multiple devices belonging to the same user as entirely separate, with user data being partitioned among those devices and never consolidated in any one place.

Cyph uses a symmetric key derived from a strong (128-bit minimum) user password — preferentially a secure memorable passphrase — to enable seamless cloud-based synchronization of state between all devices in real time. With this, all user data is redundantly backed up and users can seamlessly move between devices as with more advanced non-secure solutions.

Username-based identification

Alternative solutions have largely settled on phone numbers as a means of identification, in stark contrast to the more familiar experience of usernames.

Cyph has made the opposite decision. There’s no particular security concern here (cryptographically speaking), but as a practical consideration it may not always be ideal to divulge one’s phone number, and numbers are generally more cumbersome to work with than usernames.

Intellectual Property

To remove all doubt as to which components of Cyph are and are not proprietary to Cyph, Inc., this is the intellectual property status of all relevant technologies: